Bump version

Changed to Alpine
Optimized Docker Layers

.gitignore

@@ -130,4 +130,6 @@ dmypy.json
 
 # Secrets & env
 secrets.yml
-.vscode
+.vscode
+.DS_Store
+compiledstatic/

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at shynet@sendmiles.email. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

Dockerfile

@@ -1,33 +1,35 @@
-FROM python:3
+FROM python:3-alpine
 
+# Getting things ready
 WORKDIR /usr/src/shynet
+COPY Pipfile.lock Pipfile ./
 
-RUN apt update
-RUN apt install -y gettext
-
-# URL from https://github.com/shlinkio/shlink/issues/596 :)
-RUN curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=G4Lm0C60yJsnkdPi&suffix=tar.gz" | tar -xvz -C /tmp
-RUN curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=G4Lm0C60yJsnkdPi&suffix=tar.gz" | tar -xvz -C /tmp
-RUN mv /tmp/GeoLite2*/*.mmdb /etc
-
-RUN pip install pipenv
-COPY Pipfile.lock ./
-COPY Pipfile ./
-RUN pipenv install --system --deploy
-
-COPY shynet .
-RUN python manage.py collectstatic --noinput
-RUN python manage.py compilemessages
-
+# Install dependencies & configure machine
 ARG GF_UID="500"
 ARG GF_GID="500"
+RUN apk update && \
+	apk add gettext curl bash && \
+	# URL from https://github.com/shlinkio/shlink/issues/596 :)
+	curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=G4Lm0C60yJsnkdPi&suffix=tar.gz" | tar -xvz -C /tmp && \
+	curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=G4Lm0C60yJsnkdPi&suffix=tar.gz" | tar -xvz -C /tmp && \
+	mv /tmp/GeoLite2*/*.mmdb /etc && \
+	apk del curl && \
+	apk add --no-cache postgresql-libs && \
+	apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev && \
+	pip install pipenv && \
+	pipenv install --system --deploy && \
+	apk --purge del .build-deps && \
+	rm -rf /var/lib/apt/lists/* && \
+	rm /var/cache/apk/* && \
+	addgroup --system -g $GF_GID appgroup && \
+	adduser appuser --system --uid $GF_UID -G appgroup
 
-# add group & user
-RUN groupadd -r -g $GF_GID appgroup && \
-   useradd appuser -r -u $GF_UID -g appgroup
+# Install Shynet
+COPY shynet .
+RUN python manage.py collectstatic --noinput && \
+	python manage.py compilemessages
 
+# Launch
 USER appuser
-
 EXPOSE 8080
-
-CMD [ "./webserver.sh" ]
+ENTRYPOINT [ "./entrypoint.sh" ]

GUIDE.md

@@ -0,0 +1,187 @@
+# Usage Guide
+
+## Table of Contents
+
+- [Installation](#installation)
+- [Updating Your Configuration](#updating-your-configuration)
+- [Enhancements](#enhancements)
+  * [Installation with SSL](#installation-with-ssl)
+  * [Configuring a Reverse Proxy](#configuring-a-reverse-proxy)
+    + [Cloudflare](#cloudflare)
+    + [Nginx](#nginx)
++ [Troubleshooting](#troubleshooting)
+
+---
+
+## Installation
+
+Installation of Shynet is easy! Follow the [Basic Installation](#basic-installation) guide below if you'd like to run Shynet over HTTP or if you are going to be running it over HTTPS through a reverse proxy. If you'd like to run Shynet over HTTPS without a reverse proxy, skip ahead to [Installation with SSL](#installation-with-ssl) instead.
+
+> **These commands assume Ubuntu.** If you're installing Shynet on a different platform, the process will be different.
+
+Before continuing, please be sure to have the latest version of Docker installed.
+
+### Basic Installation
+
+1. Pull the latest version of Shynet using `docker pull milesmcc/shynet:latest`. If you don't have Docker installed, [install it](https://docs.docker.com/get-docker/).
+
+2. Have a PostgreSQL server ready to go. This can be on the same machine as the deployment, or elsewhere. You'll just need a username, password, host, and port. (For info on how to setup a PostgreSQL server on Ubuntu, follow [this guide](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-18-04)).
+
+3. Configure an environment file for Shynet, using [this file](/TEMPLATE.env) as a template. (This file is typically named `.env`.) Make sure you set the database settings, or Shynet won't be able to run.
+
+4. Launch the Shynet server by running `docker run --env-file=<your env file> milesmcc/shynet:latest`. Watch the output of the script; if it's the first run, you'll see a temporary password printed that you can use to log in. You may need to bind Docker's port 8080 (where Shynet runs) to your local port 80 (http); this can be done using the flag `-p 80:8080` after `run`.
+
+5. Visit your service's homepage, and verify everything looks right! You should see a login prompt. Log in with the credentials from step 4. You'll probably be prompted to "confirm your email"—if you haven't set up an email server, the confirmation email will be printed to the console instead.
+
+6. Create a service by clicking "+ Create Service" in the top right hand corner. Fill out the options as appropriate. Once you're done, press "create" and you'll be redirected to your new service's analytics page.
+
+7. Finally, click on "Manage" in the top right of the service's page to get the tracking script code. Inject this script on all pages you'd like the service to track.
+
+## Updating Your Configuration
+
+When you first setup Shynet, you set a number of environment variables that determine first-run initialization settings (these variables start with `SHYNET_`). Once they're first set, though, changing them won't have any effect. Be sure to run the following commands in the same way that you deploy Shynet (i.e., linked to the same database).
+
+* Create an admin account by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py registeradmin <your email>`. The command will print a temporary password that you'll be able to use to log in.
+
+* Configure Shynet's hostname (e.g. `shynet.example.com` or `localhost:8000`) by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py hostname "<your hostname>"`. This doesn't affect Shynet's bind port; instead, it determines what hostname to inject into the tracking script. (So you'll want to use the "user-facing" hostname here.)
+
+* Name your Shynet instance by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py whitelabel "<your instance name>"`. This could be something like "My Shynet Server" or "Acme Analytics"—whatever suits you.
+
+---
+
+## Enhancements
+
+
+### Installation with SSL
+
+If you are going to be running Shynet through a reverse proxy, please see [Configuring a Reverse Proxy](#configuring-a-reverse-proxy) instead.
+
+0. We'll be cloning this into the home directory to make this installation easier, so run `cd ~/` if you need to.
+
+1. Instead of pulling from Docker, we will be pulling from GitHub and building using Docker in order to easily add SSL certificates. You will want to run `git clone https://github.com/milesmcc/shynet.git` to clone the GitHub repo to your current working directory.
+
+2. To install `certbot` follow [the guide here](https://certbot.eff.org/instructions) or follow along below
+   * Ubuntu 18.04
+     * `sudo apt-get update`
+     * `sudo apt-get install software-properties-common`
+     * `sudo add-apt-repository universe`
+     * `sudo add-apt-repository ppa:certbot/certbot`
+     * `sudo apt-get update`
+     * `sudo apt-get install certbot`
+
+3. Run `sudo certbot certonly --standalone` and follow the instructions to generate your SSL certificate.
+   * If you registering the certificate to a domain name like `example.com`, please be sure to point your DNS records to your current server before running `certbot`.
+
+4. We are going to move the SSL certificates to the Shynet repo with with command below. Replace `<domain>` with the domain name you used in step 3.
+   * `cp /etc/letsencrypt/live/<domain>/{cert,privkey}.pem ~/shynet/shynet/`
+
+5. With that, we are going to replace the `webserver.sh` with `ssl.webserver.sh` to enable the use of SSL certificates. The original `webserver.sh` will be backed up to `backup.webserver.sh`
+   * `mv ~/shynet/shynet/webserver.sh ~/shynet/shynet/backup.webserver.sh`
+   * `mv ~/shynet/shynet/ssl.webserver.sh ~/shynet/shynet/webserver.sh`
+
+6. Now we build the image!
+   * `docker image build shynet -t shynet-ssl:latest`
+
+7. Have a PostgreSQL server ready to go. This can be on the same machine as the deployment, or elsewhere. You'll just need a username, password, host, and port (default is `5432`). (For info on how to setup a PostgreSQL server on Ubuntu, follow [this guide](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-18-04)).
+
+8. Follow the [Basic Installation](#basic-installation) guide with just one modification: in step #4, change the local bind port from `80` to `443`, and use `shynet-ssl:latest` as your Docker image instead of `milesmcc/shynet:latest`.
+
+### Configuring a Reverse Proxy
+
+A reverse proxy has many benefits. It can be used for DDoS protection, caching files to reduce server load, routing HTTPS and/or HTTP connections, hosting multiple services on a single server, [and more](https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/)!
+
+#### Cloudflare
+
+[Cloudflare](https://www.cloudflare.com/) is a great reverse proxy option. It's free, automatically configures HTTPs, offers out-of-the-box security features, provides DNS, and requires minimal setup.
+
+1. Follow Cloudflare's [getting started guide](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website).
+
+2. After setting up Cloudflare, here are a few things you should consider doing:
+   * Under the `SSL` Tab > `Overview` > Change your `SSL/TLS Encryption Mode` to `Flexible`
+   * The following will block your admin panel from anyone who isn't on your IP address. This is optional, but great for security.
+     * Under the `Firewall` tab > `Overview` > `+ Create Firewall Rule`:
+     * Name: `Admin Panel Restriction`
+     * Field: `URI Path`
+     * Operator: `equals`
+     * Value: `/admin`
+     * Click `AND`
+     * Field: `IP Address`
+     * Operator: `does not equal`
+     * Value: `<your public IP address>`
+     * Then: `Block`
+
+#### Nginx
+
+Nginx is a self hosted, highly configurable webserver. Nginx can be configured to run as a reverse proxy on either the same machine or a remote machine.
+
+##### Set up
+
+> **These commands assume Ubuntu.** If you're installing Nginx on a different platform, the process will be different.
+
+0. Before starting, shut down your Docker containers (if any are running)
+   * Run `docker container ls` to find the container ID
+   * Run `docker stop <container id from the last step>`
+
+1. Update your packages and install Nginx
+   * `sudo apt-get update`
+   * `sudo apt-get install nginx`
+
+2. Disable the default Nginx placeholder
+   * `sudo unlink /etc/nginx/sites-enabled/default`
+
+3. Create the Nginx reverse proxy config file
+   * `cd /etc/nginx/sites-available/`
+   * `vi reverse-proxy.conf` or `nano reverse-proxy.conf`
+   * Paste the following configuration into that file:
+
+   ```nginx
+   # Know what you're pasting! Read the Reference!
+   # Reference: https://nginx.org/en/docs/
+   server {
+       listen 80;
+       location / {
+           proxy_pass http://127.0.0.1:8080;
+       }
+   }
+   ```
+
+   * Save and exit the text editor
+     * `:wq` for vi
+     * `ctrl+x` then `y` for nano
+   * Link Nginx's `sites-enabled` to read the new config
+     * `sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf`
+   * Make sure the config is working
+     * `service nginx configtest`
+     * `service nginx restart`
+
+4. Restart your Docker image, but this time use `8080` as the local bind port, as that's where we configured Nginx to look
+   * `cd ~/`
+   * `docker run -p 8080:8080 --env-file=<your env file> milesmcc/shynet:latest`
+
+5. Finally, time to test!
+   * Go to `http://<your site>/admin`
+
+6. If everything is working as expected, please read through some of the following links below to customize Nginx
+   * [How to add SSL/HTTPS to Nginx (Ubuntu 18.04)](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04)
+   * [How to add SSL/HTTPS to Nginx (Ubuntu 16.04)](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
+   * [Nginx Documentation](https://nginx.org/en/docs/)
+
+---
+
+## Troubleshooting
+
+Here are solutions for some common issues. If your situation isn't described here or the solution didn't work, feel free to [create an issue](https://github.com/milesmcc/shynet/issues/new) (but be sure to check for duplicate issues first).
+
+#### The admin panel works, but no page views are showing up!
+
+* If you are running a single Shynet webserver instance (i.e., you followed the default installation instructions), verify that you haven't set `CELERY_TASK_ALWAYS_EAGER` to `False` in your environment file.
+* Verify that your cache is properly configured. In single-instance deployments, this means making sure that you haven't set any `REDIS_*` or `CELERY_*` environment variables (those are for more advanced deployments; you'll just want the defaults).
+* If your service is configured to respect Do Not Track (under "Advanced Settings"), verify that your browser isn't sending the `DNT=1` header with your requests (or temporarily disable DNT support in Shynet while testing). Sometimes, an adblocker or privacy browser extension will add this header to requests unexpectedly.
+
+#### Shynet isn't linking different pageviews from the same visitor into a single session!
+
+* Verify that your cache is properly configured. (See #2 above.) In multi-instance deployments, it's critical that all webservers are using the _same_ cache—so make sure you configure a Redis cache if you're using a non-default installation.
+
+#### I changed the `SHYNET_WHITELABEL`/`SHYNET_HOST` environment variable, but nothing happened!
+
+* Those values only affect how your Shynet instance is setup on first run; once it's configured, they have no effect. See [updating your configuration](#updating-your-configuration) for help on how to update your configuration.

README.md

@@ -1,15 +1,18 @@
+
 <p align="center">
-  <h3 align="center">🔭 Shynet 🔭</h3>
+  <img align="center" src="images/logo.png" height="50" alt="Shynet logo">
+  <br>
 
   <p align="center">
-     Web analytics that's self hosted, cookie free, privacy friendly, and useful(?) 
-    <br>
-    <br>
-    <a href="#installation"><strong>Getting started »</strong></a>
+    Modern, privacy-friendly, and cookie-free web analytics.
     <br>
+    <strong><a href="#installation">Getting started »</a></strong>
   </p>
+  <p align="center"><a href="#screenshots">Screenshots</a> &bull; <a href="#features">Features</a> &bull; <a href="https://github.com/milesmcc/a17t">Design</a></p>
 </p>
 
+<br>
+
 ## Motivation
 
 There are a _lot_ of web analytics tools. Unfortunately, most of them come with the following caveats:
@@ -31,16 +34,21 @@ _Note: These screenshots have been edited to hide sensitive data. The "real" Shy
 ![Shynet's homepage](images/homepage.png)
 _Shynet's homepage, where you can see all of your services at a glance._
 
-Not shown: service view, management view, session view, full service view. (You'll need to install Shynet to see those!)
+![A service page](images/service.png)
+_A real service page, where you can see higher-level details about a site._
+
+Not shown: management view, session view, full service view. (You'll need to install Shynet for yourself to see those!)
+
+> **Shynet is built using [a17t](https://github.com/milesmcc/a17t),** an atomic design library. Customization and extension is simple; [learn more about a17t](https://github.com/milesmcc/a17t).
 
 ## Features
 
 #### Architecture
 
-* **Runs on a single machine** &mdash; Because it's so small, Shynet can easily run as a single docker container on a single small VPS.
-* **...or across a giant Kubernetes cluster** &mdash; For higher traffic installations, Shynet can be deployed with as many parallelized ingress nodes as needed, with Redis caching and separate backend workers for database IO.
-* **Built using Django** &mdash; Shynet is built using Django, so deploying, updating, and migrating can be done without headaches.
-* **Multiple users and sites** &mdash; A single Shynet instance can support multiple users, each tracking multiple different sites.
+* **Runs on a single machine** &mdash; Because it's so small, Shynet can easily run as a single docker container on a single small VPS
+* **...or across a giant Kubernetes cluster** &mdash; For higher traffic installations, Shynet can be deployed with as many parallelized ingress nodes as needed, with Redis caching and separate backend workers for database IO
+* **Built using Django** &mdash; Shynet is built using Django, so deploying, updating, and migrating can be done without headaches
+* **Multiple users and sites** &mdash; A single Shynet instance can support multiple users, each tracking multiple different sites
 
 #### Tracking
 
@@ -67,7 +75,7 @@ Here's the information Shynet can give you about your visitors:
 
 #### Workflow
 * **Collaboration built-in** &mdash; Administrators can easily share services with other users, as well
-* **Accounts (or not)** &mdash; Shynet has a fully featured account management workflow (powered by [Django Allauth](https://github.com/pennersr/django-allauth/)).
+* **Accounts (or not)** &mdash; Shynet has a fully featured account management workflow (powered by [Django Allauth](https://github.com/pennersr/django-allauth/))
 
 ## Recommendations
 
@@ -85,88 +93,22 @@ Shynet is pretty simple, but there are a few key terms you need to know in order
 
 ## Installation
 
-To install Shynet using the simplest possible setup, follow these instructions. Instructions for multi-machine deployments will be available soon.
-
-> **These commands assume Ubuntu.** If you're installing Shynet on a different platform, the process will be different.
-
-1. Pull the latest version of Shynet using `docker pull milesmcc/shynet:latest`. If you don't have Docker installed, [install it](https://docs.docker.com/get-docker/).
-
-2. Have a PostgreSQL server ready to go. This can be on the same machine as the deployment, or elsewhere. You'll just need a username, password, and host. (For info on how to setup a PostgreSQL server on Ubuntu, follow [this guide](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-18-04)).
-
-3. Configure an environment file for Shynet. (For example, create a file called `.env`.) Be sure to swap out the variables below with the correct values for your setup. (The comments refer to the lines that follow. Note that Docker is weird with quotes, so it tends to be better to omit them from your env file.)
-
-```
-# Database
-DB_NAME=<your db name>
-DB_USER=<your db user>
-DB_PASSWORD=<your db user password>
-DB_HOST=<your db host>
-
-# General Django settings
-DJANGO_SECRET_KEY=<your Django secret key; just a random string>
-# Don't leak error details to visitors, very important
-DEBUG=False
-CELERY_TASK_ALWAYS_EAGER=True 
-# For better security, set this to your deployment's domain. Comma separated.
-ALLOWED_HOSTS=*
-# Set to True (capitalized) if you want people to be able to sign up for your Shynet instance (not recommended)
-SIGNUPS_ENABLED=False
-# Change as required
-TIME_ZONE=America/New_York
-# Set to "False" if you will not be serving content over HTTPS
-SCRIPT_USE_HTTPS=True
-```
-
-For more advanced deployments, you may consider adding the following settings to your environment file. **The following settings are optional, and not required for simple deployments.**
-
-```env
-# Email settings
-EMAIL_HOST_USER=<your SMTP email user>
-EMAIL_HOST_PASSWORD=<your SMTP email password>
-EMAIL_HOST=<your SMTP email hostname>
-SERVER_EMAIL=Shynet <noreply@shynet.example.com>
-
-# Redis and queue settings; not necessary for single-instance deployments
-REDIS_CACHE_LOCATION=redis://redis.default.svc.cluster.local/0 
-# If set, make sure CELERY_TASK_ALWAYS_EAGER is False
-CELERY_BROKER_URL=redis://redis.default.svc.cluster.local/1
-```
-
-4. Setup the Shynet database by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py migrate`.
-
-5. Create your admin account by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py registeradmin <your email>`. The command will print a temporary password that you'll be able to use to log in.
-
-6. Configure Shynet's hostname (e.g. `shynet.example.com` or `localhost:8000`) by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py hostname "<your hostname>"`. This doesn't affect Shynet's bind port; instead, it determines what hostname to inject into the tracking script. (So you'll want to use the "user-facing" hostname here.)
-
-7. Name your Shynet instance by running `docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py whitelabel "<your instance name>"`. This could be something like "My Shynet Server" or "Acme Analytics"—whatever suits you.
-
-8. Launch the Shynet server by running `docker run --env-file=<your env file> milesmcc/shynet:latest`. You may need to bind Docker's port 8000 (where Shynet runs) to your local port 8000; this can be done using the flag `-p 8080:8080`.
-
-9. Visit your service's homepage, and verify everything looks right! You should see a login prompt. Log in with the credentials from step 5. You'll probably be prompted to "confirm your email"—if you haven't set up an email server, the confirmation email will be printed to the console instead.
-
-10. Create a service by clicking "+ Create Service" in the top right hand corner. Fill out the options as appropriate. Once you're done, press "create" and you'll be redirected to your new service's analytics page.
-
-11. Finally, click on "Manage" in the top right of the service's page to get the tracking script code. Inject this script on all pages you'd like the service to track.
-
-**Next steps:** while out of the scope of this short guide, next steps include setting up Shynet behind a reverse proxy (be it your own [Nginx server](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) or [Cloudflare](https://cloudflare.com)), making it run in the background, and integrating it on your sites. Integration instructions are available on each service's management page.
-
+You can find intructions on getting started and usage in the [Usage Guide](GUIDE.md#installation). Out of the box, we support deploying via a simple
+Docker container, docker-compose, or Kubernetes (see [kubernetes](/kubernetes)).
 
 ## FAQ
 
 **Does Shynet respond to Do Not Track (DNT) signals?** Yes. While there isn't any standardized way to handle DNT requests, Shynet allows you to specify whether you want to collect any data from users with DNT enabled on a per-service basis. (By default, Shynet will _not_ collect any data from users who specify DNT.)
 
-**Is this GDPR compliant?** I think so, but it also depends on how you use it. If you're worried about GDPR, you should talk to a lawyer about your particular data collection practices. I'm not a lawyer. (And this isn't legal advice.)
+**Is this GDPR compliant?** It depends on how you use it. If you're worried about GDPR, you should talk to a lawyer about your particular data collection practices. I'm not a lawyer. (And this isn't legal advice.)
+
+## Troubleshooting
+
+Having trouble with Shynet? Check out the [troubleshooting guide](GUIDE.md#troubleshooting), or [create an issue](https://github.com/milesmcc/shynet/issues/new) if you think you found a bug in Shynet itself (or have a feature suggestion).
 
 ## Roadmap
 
-The following features are planned:
-
-* **Rollups** (aggregate old data to save space)
-* **Anomaly detection** (get email alerts when you get a traffic spike or dip)
-* **Interactive traffic heatmap** (see where in the world your visitors are coming from)
-* **Better collaboration interface** (the current interface is... a draft)
-* **Data deletion tool** (easily prune user data by specifying an ID or IP)
-* **Differential privacy** (explore and share your data without revealing any personal information)
+To see the upcoming planned features, check out the repository's [roadmap project](https://github.com/milesmcc/shynet/projects/1). Upcoming features include data aggregation through rollups, anomaly detection, detailed data exports, two-factor authentication, and a data deletion tool.
 
 ## In the Wild
 
@@ -174,7 +116,7 @@ These sites use Shynet to monitor usage without violating visitors' privacy: [Po
 
 ## Contributing
 
-Are you interested in contributing to Shynet? Just send a pull request! Maybe once the project matures there will be more detailed contribution guidelines, but for now just send the code this way. Just know that by contributing, you agree to share all of your contributions under the same license as the project (see [LICENSE](LICENSE)).
+Are you interested in contributing to Shynet? Just send a pull request! Maybe once the project matures there will be more detailed contribution guidelines, but for now just send the code this way and we'll make sure it meets our standards together. Just know that by contributing, you agree to share all of your contributions under the same license as the project (see [LICENSE](LICENSE)). And always be sure to follow the [Code of Conduct](https://github.com/milesmcc/shynet/blob/master/CODE_OF_CONDUCT.md).
 
 ## License
 
@@ -182,4 +124,4 @@ Shynet is made available under the [Apache License, version 2.0](LICENSE).
 
 ---
 
-a17t was created by [Miles McCain](https://miles.land) at the [Recurse Center](https://recurse.com) using [a17t](https://a17t.miles.land).
+Shynet was created by [Miles McCain](https://miles.land) ([@MilesMcCain](https://twitter.com/MilesMcCain)) at the [Recurse Center](https://recurse.com) using [a17t](https://a17t.miles.land).

TEMPLATE.env

@@ -0,0 +1,66 @@
+# This file shows all of the environment variables you can
+# set to configure Shynet, as well as information about their
+# effects. Make a copy of this file to configure your deployment.
+
+# Database settings (PostgreSQL)
+DB_NAME=shynet_db
+DB_USER=shynet_db_user
+DB_PASSWORD=shynet_db_user_password
+DB_HOST=db
+DB_PORT=5432
+
+# Email settings (optional)
+EMAIL_HOST_USER=example
+EMAIL_HOST_PASSWORD=example_password
+EMAIL_HOST=smtp.example.com
+SERVER_EMAIL=<Shynet> noreply@shynet.example.com
+
+# General Django settings
+DJANGO_SECRET_KEY=random_string
+
+# For better security, set this to your deployment's domain. Comma separated.
+ALLOWED_HOSTS=*
+
+# Set to True (capitalized) if you want people to be able to sign up for your Shynet instance (not recommended)
+SIGNUPS_ENABLED=False
+
+# The timezone of the admin panel. Affects how dates are displayed.
+TIME_ZONE=America/New_York
+
+# Set to "False" if you will not be serving content over HTTPS
+SCRIPT_USE_HTTPS=True
+
+# How frequently should the monitoring script "phone home" (in ms)?
+SCRIPT_HEARTBEAT_FREQUENCY=5000
+
+# How much time can elapse between requests from the same user before a new
+# session is created, in seconds?
+SESSION_MEMORY_TIMEOUT=1800
+
+# Should only superusers (admins) be able to create services? This is helpful
+# when you'd like to invite others to your Shynet instance but don't want
+# them to be able to create services of their own.
+ONLY_SUPERUSERS_CREATE=True
+
+# Whether to perform checks and setup at startup, including applying unapplied
+# migrations. For most setups, the recommended value is True. Defaults to True.
+# Will skip only if value is False.
+PERFORM_CHECKS_AND_SETUP=True
+
+# Your admin user's email. A temporary password will be printed
+# to the console on first run.
+SHYNET_ADMIN_EMAIL=you@example.com
+
+# The domain on which you'll be hosting Shynet. 
+SHYNET_HOST=shynet.example.com
+
+# What you'd like to call your Shynet instance.
+SHYNET_WHITELABEL=My Shynet Instance
+
+# Redis and queue settings; not necessary for single-instance deployments.
+# Don't uncomment these unless you know what you are doing!
+# REDIS_CACHE_LOCATION=redis://redis.default.svc.cluster.local/0 
+# If CELERY_BROKER_URL is set, make sure CELERY_TASK_ALWAYS_EAGER is False and
+# that you have a separate queue consumer running somewhere via `celeryworker.sh`.
+# CELERY_TASK_ALWAYS_EAGER=False
+# CELERY_BROKER_URL=redis://redis.default.svc.cluster.local/1

docker-compose.yml

@@ -0,0 +1,32 @@
+version: '3'
+services:
+  shynet:
+    image: milesmcc/shynet:latest
+    restart: unless-stopped
+    expose:
+      - 8080
+    env_file:
+      # Create a file called '.env' if it doesn't already exist.
+      # You can use `TEMPLATE.env` as a guide.
+      - .env
+    environment:
+      - DB_HOST=db
+    networks:
+      - internal
+    depends_on:
+      - db
+  db:
+    image: postgres
+    restart: always
+    environment:
+      - "POSTGRES_USER=${DB_USER}"
+      - "POSTGRES_PASSWORD=${DB_PASSWORD}"
+      - "POSTGRES_DB=${DB_NAME}"
+    volumes:
+      - shynet_db:/var/lib/postgresql/data
+    networks:
+      - internal
+volumes:
+  shynet_db:
+networks:
+  internal:

kubernetes/deployments.yml

@@ -18,7 +18,6 @@ spec:
       containers:
       - name: "covideo-webserver"
         image: "milesmcc/shynet:latest"
-        command: ["./webserver.sh"]
         imagePullPolicy: Always
         envFrom:
         - secretRef:

shynet/a17t/templates/a17t/head.html

@@ -1,3 +1,10 @@
 <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/a17t@0.1.3/dist/a17t.css">
 <script async src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
 <link href="https://cdn.jsdelivr.net/npm/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap" rel="stylesheet">
+<style>
+    :root {
+        --family-primary: "Inter", system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+        --family-secondary: var(--family-primary);
+    }
+</style>

shynet/analytics/migrations/0003_auto_20200502_1227.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.0.5 on 2020-05-02 16:27
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0002_auto_20200415_1742'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='session',
+            name='ip',
+            field=models.GenericIPAddressField(db_index=True, null=True),
+        ),
+    ]

shynet/analytics/models.py

@@ -39,7 +39,7 @@ class Session(models.Model):
         default="OTHER",
     )
     os = models.TextField()
-    ip = models.GenericIPAddressField(db_index=True)
+    ip = models.GenericIPAddressField(db_index=True, null=True)
 
     # GeoIP data
     asn = models.TextField(blank=True)

shynet/analytics/tasks.py

@@ -3,6 +3,7 @@ import logging
 
 import geoip2.database
 import user_agents
+from hashlib import sha1
 from celery import shared_task
 from django.conf import settings
 from django.core.cache import cache
@@ -42,7 +43,15 @@ def _geoip2_lookup(ip):
 
 @shared_task
 def ingress_request(
-    service_uuid, tracker, time, payload, ip, location, user_agent, dnt=False, identifier=""
+    service_uuid,
+    tracker,
+    time,
+    payload,
+    ip,
+    location,
+    user_agent,
+    dnt=False,
+    identifier="",
 ):
     try:
         service = Service.objects.get(pk=service_uuid, status=Service.ACTIVE)
@@ -51,34 +60,39 @@ def ingress_request(
         if dnt and service.respect_dnt:
             return
 
-        ip_data = _geoip2_lookup(ip)
-        log.debug(f"Found geoip2 data")
-
         # Validate payload
         if payload.get("loadTime", 1) <= 0:
             payload["loadTime"] = None
 
-        # Create or update session
-        session = (
-            Session.objects.filter(
-                service=service,
-                last_seen__gt=timezone.now() - timezone.timedelta(minutes=10),
-                ip=ip,
-                user_agent=user_agent,
-            ).first()
-            # We used to check for identifiers, but that can cause issues when people
-            # re-open the page in a new tab, for example. It's better to match sessions
-            # solely based on IP and user agent.
+        association_id_hash = sha1()
+        association_id_hash.update(str(ip).encode("utf-8"))
+        association_id_hash.update(str(user_agent).encode("utf-8"))
+        session_cache_path = (
+            f"session_association_{service.pk}_{association_id_hash.hexdigest()}"
         )
+
+        # Create or update session
+        session = None
+        if cache.get(session_cache_path) is not None:
+            cache.touch(session_cache_path, settings.SESSION_MEMORY_TIMEOUT)
+            session = Session.objects.filter(
+                pk=cache.get(session_cache_path), service=service
+            ).first()
         if session is None:
-            log.debug("Cannot link to existing session; creating a new one...")
-            ua = user_agents.parse(user_agent)
             initial = True
+
+            log.debug("Cannot link to existing session; creating a new one...")
+
+            ip_data = _geoip2_lookup(ip)
+            log.debug(f"Found geoip2 data...")
+
+            ua = user_agents.parse(user_agent)
             device_type = "OTHER"
             if (
                 ua.is_bot
                 or (ua.browser.family or "").strip().lower() == "googlebot"
-                or (ua.device.family or ua.device.model or "").strip().lower() == "spider"
+                or (ua.device.family or ua.device.model or "").strip().lower()
+                == "spider"
             ):
                 device_type = "ROBOT"
             elif ua.is_mobile:
@@ -89,7 +103,7 @@ def ingress_request(
                 device_type = "DESKTOP"
             session = Session.objects.create(
                 service=service,
-                ip=ip,
+                ip=ip if service.collect_ips else None,
                 user_agent=user_agent,
                 identifier=identifier.strip(),
                 browser=ua.browser.family or "",
@@ -102,9 +116,14 @@ def ingress_request(
                 latitude=ip_data.get("latitude"),
                 time_zone=ip_data.get("time_zone", ""),
             )
+            cache.set(
+                session_cache_path, session.pk, timeout=settings.SESSION_MEMORY_TIMEOUT
+            )
         else:
-            log.debug("Updating old session with new data...")
             initial = False
+
+            log.debug("Updating old session with new data...")
+
             # Update last seen time
             session.last_seen = timezone.now()
             if session.identifier == "" and identifier.strip() != "":
@@ -115,9 +134,10 @@ def ingress_request(
         idempotency = payload.get("idempotency")
         idempotency_path = f"hit_idempotency_{idempotency}"
         hit = None
+
         if idempotency is not None:
             if cache.get(idempotency_path) is not None:
-                cache.touch(idempotency_path, 10 * 60)
+                cache.touch(idempotency_path, settings.SESSION_MEMORY_TIMEOUT)
                 hit = Hit.objects.filter(
                     pk=cache.get(idempotency_path), session=session
                 ).first()
@@ -128,6 +148,7 @@ def ingress_request(
                     hit.heartbeats += 1
                     hit.last_seen = timezone.now()
                     hit.save()
+
         if hit is None:
             log.debug("Hit is a page load; creating new hit...")
             # There is no existing hit; create a new one
@@ -144,7 +165,9 @@ def ingress_request(
             )
             # Set idempotency (if applicable)
             if idempotency is not None:
-                cache.set(idempotency_path, hit.pk, timeout=10 * 60)
+                cache.set(
+                    idempotency_path, hit.pk, timeout=settings.SESSION_MEMORY_TIMEOUT
+                )
     except Exception as e:
         log.exception(e)
         raise e

shynet/analytics/templates/analytics/scripts/page.js

@@ -4,6 +4,9 @@ window.onload = function () {
     Math.random().toString(36).substring(2, 15);
   function sendUpdate() {
     try {
+      if (document.hidden) {
+        return;
+      }
       var xhr = new XMLHttpRequest();
       xhr.open(
         "POST",
@@ -21,8 +24,8 @@ window.onload = function () {
             window.performance.timing.navigationStart,
         })
       );
-    } catch {}
+    } catch { }
   }
-  setInterval(sendUpdate, 5000);
+  setInterval(sendUpdate, parseInt("{{heartbeat_frequency}}"));
   sendUpdate();
 };

shynet/analytics/views/ingress.py

@@ -2,7 +2,9 @@ import base64
 import json
 
 from django.conf import settings
-from django.http import HttpResponse
+from django.core.cache import cache
+from django.core.exceptions import ValidationError
+from django.http import HttpResponse, Http404, HttpResponseBadRequest
 from django.shortcuts import render, reverse
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -10,6 +12,8 @@ from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, View
 from ipware import get_client_ip
 
+from core.models import Service
+
 from ..tasks import ingress_request
 
 
@@ -32,14 +36,37 @@ def ingress(request, service_uuid, identifier, tracker, payload):
         identifier=identifier,
     )
 
+class ValidateServiceOriginsMixin:
+    def dispatch(self, request, *args, **kwargs):
+        try:
+            service_uuid = self.kwargs.get("service_uuid")
+            origins = cache.get(f"service_origins_{service_uuid}")
 
-class PixelView(View):
+            if origins is None:
+                service = Service.objects.get(uuid=service_uuid)
+                origins = service.origins
+                cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)
+
+            resp = super().dispatch(request, *args, **kwargs)
+            resp["Access-Control-Allow-Origin"] = origins
+            resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
+            resp[
+                "Access-Control-Allow-Headers"
+            ] = "Origin, X-Requested-With, Content-Type, Accept, Authorization, Referer"
+            return resp
+        except Service.DoesNotExist:
+            raise Http404()
+        except ValidationError:
+            return HttpResponseBadRequest()
+
+
+class PixelView(ValidateServiceOriginsMixin, View):
     # Fallback view to serve an unobtrusive 1x1 transparent tracking pixel for browsers with
     # JavaScript disabled.
-    def dispatch(self, request, *args, **kwargs):
+    def get(self, *args, **kwargs):
         # Extract primary data
         ingress(
-            request,
+            self.request,
             self.kwargs.get("service_uuid"),
             self.kwargs.get("identifier", ""),
             "PIXEL",
@@ -56,16 +83,7 @@ class PixelView(View):
 
 
 @method_decorator(csrf_exempt, name="dispatch")
-class ScriptView(View):
-    def dispatch(self, request, *args, **kwargs):
-        resp = super().dispatch(request, *args, **kwargs)
-        resp["Access-Control-Allow-Origin"] = "*"
-        resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
-        resp[
-            "Access-Control-Allow-Headers"
-        ] = "Origin, X-Requested-With, Content-Type, Accept, Authorization, Referer"
-        return resp
-
+class ScriptView(ValidateServiceOriginsMixin, View):
     def get(self, *args, **kwargs):
         protocol = "https" if settings.SCRIPT_USE_HTTPS else "http"
         endpoint = (
@@ -82,10 +100,15 @@ class ScriptView(View):
                 },
             )
         )
+        heartbeat_frequency = settings.SCRIPT_HEARTBEAT_FREQUENCY
         return render(
             self.request,
             "analytics/scripts/page.js",
-            context={"endpoint": endpoint, "protocol": protocol},
+            context={
+                "endpoint": endpoint,
+                "protocol": protocol,
+                "heartbeat_frequency": heartbeat_frequency,
+            },
             content_type="application/javascript",
         )
 

shynet/core/management/commands/hostname.py

@@ -1,10 +1,12 @@
-from django.core.management.base import BaseCommand, CommandError
+import traceback
+import uuid
+
 from django.conf import settings
 from django.contrib.sites.models import Site
-from core.models import User
+from django.core.management.base import BaseCommand, CommandError
 from django.utils.crypto import get_random_string
-import uuid
-import traceback
+
+from core.models import User
 
 
 class Command(BaseCommand):
@@ -12,8 +14,7 @@ class Command(BaseCommand):
 
     def add_arguments(self, parser):
         parser.add_argument(
-            "hostname",
-            type=str,
+            "hostname", type=str,
         )
 
     def handle(self, *args, **options):
@@ -24,4 +25,4 @@ class Command(BaseCommand):
             self.style.SUCCESS(
                 f"Successfully set the hostname to '{options.get('hostname')}'"
             )
-        )
+        )

shynet/core/management/commands/registeradmin.py

@@ -1,10 +1,12 @@
-from django.core.management.base import BaseCommand, CommandError
+import traceback
+import uuid
+
 from django.conf import settings
 from django.contrib.sites.models import Site
-from core.models import User
+from django.core.management.base import BaseCommand, CommandError
 from django.utils.crypto import get_random_string
-import uuid
-import traceback
+
+from core.models import User
 
 
 class Command(BaseCommand):
@@ -12,18 +14,13 @@ class Command(BaseCommand):
 
     def add_arguments(self, parser):
         parser.add_argument(
-            "email",
-            type=str,
+            "email", type=str,
         )
 
     def handle(self, *args, **options):
         email = options.get("email")
         password = get_random_string()
-        User.objects.create_superuser(
-            str(uuid.uuid4()), email=email, password=password
-        )
-        self.stdout.write(
-            self.style.SUCCESS("Successfully created a Shynet superuser")
-        )
+        User.objects.create_superuser(str(uuid.uuid4()), email=email, password=password)
+        self.stdout.write(self.style.SUCCESS("Successfully created a Shynet superuser"))
         self.stdout.write(f"Email address: {email}")
         self.stdout.write(f"Password: {password}")

shynet/core/management/commands/startup_checks.py

@@ -0,0 +1,49 @@
+import traceback
+import uuid
+
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.core.management.base import BaseCommand, CommandError
+from django.utils.crypto import get_random_string
+
+from django.db import DEFAULT_DB_ALIAS, connections
+from django.db.utils import OperationalError, ConnectionHandler
+from django.core.exceptions import ImproperlyConfigured
+
+from core.models import User
+
+
+class Command(BaseCommand):
+    help = "Internal command to perform startup sanity checks."
+
+    def check_migrations(self):
+        from django.db.migrations.executor import MigrationExecutor
+        try:
+            executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS])
+        except OperationalError:
+            # DB_NAME database not found?
+            return True
+        except ImproperlyConfigured:
+            # No databases are configured (or the dummy one)
+            return True
+        
+        if executor.migration_plan(executor.loader.graph.leaf_nodes()):
+            return True
+        
+        return False
+    
+    
+    def handle(self, *args, **options):
+        migration = self.check_migrations()
+
+        admin, hostname, whitelabel = [True] * 3
+        if not migration:
+            admin = not User.objects.all().exists()
+            hostname = not Site.objects.filter(domain__isnull=False).exclude(domain__exact="").exclude(domain__exact="example.com").exists()
+            whitelabel = not Site.objects.filter(name__isnull=False).exclude(name__exact="").exclude(name__exact="example.com").exists()
+
+        self.stdout.write(
+            self.style.SUCCESS(
+                f"{migration} {admin} {hostname} {whitelabel}"
+            )
+        )

shynet/core/management/commands/whitelabel.py

@@ -1,10 +1,12 @@
-from django.core.management.base import BaseCommand, CommandError
+import traceback
+import uuid
+
 from django.conf import settings
 from django.contrib.sites.models import Site
-from core.models import User
+from django.core.management.base import BaseCommand, CommandError
 from django.utils.crypto import get_random_string
-import uuid
-import traceback
+
+from core.models import User
 
 
 class Command(BaseCommand):
@@ -12,8 +14,7 @@ class Command(BaseCommand):
 
     def add_arguments(self, parser):
         parser.add_argument(
-            "name",
-            type=str,
+            "name", type=str,
         )
 
     def handle(self, *args, **options):
@@ -24,4 +25,4 @@ class Command(BaseCommand):
             self.style.SUCCESS(
                 f"Successfully set the whitelabel to '{options.get('name')}'"
             )
-        )
+        )

shynet/core/migrations/0003_service_respect_dnt.py

@@ -6,13 +6,13 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('core', '0002_auto_20200415_1742'),
+        ("core", "0002_auto_20200415_1742"),
     ]
 
     operations = [
         migrations.AddField(
-            model_name='service',
-            name='respect_dnt',
+            model_name="service",
+            name="respect_dnt",
             field=models.BooleanField(default=True),
         ),
     ]

shynet/core/migrations/0004_service_collect_ips.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.0.5 on 2020-05-02 16:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0003_service_respect_dnt'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='service',
+            name='collect_ips',
+            field=models.BooleanField(default=True),
+        ),
+    ]

shynet/core/models.py

@@ -42,6 +42,7 @@ class Service(models.Model):
         max_length=2, choices=SERVICE_STATUSES, default=ACTIVE, db_index=True
     )
     respect_dnt = models.BooleanField(default=True)
+    collect_ips = models.BooleanField(default=True)
 
     class Meta:
         ordering = ["name", "uuid"]

shynet/dashboard/forms.py

@@ -1,22 +1,24 @@
+from allauth.account.admin import EmailAddress
 from django import forms
 from django.utils.translation import gettext_lazy as _
 
 from core.models import Service, User
-from allauth.account.admin import EmailAddress
 
 
 class ServiceForm(forms.ModelForm):
     class Meta:
         model = Service
-        fields = ["name", "link", "respect_dnt", "collaborators"]
+        fields = ["name", "link", "respect_dnt", "collect_ips", "origins", "collaborators"]
         widgets = {
             "name": forms.TextInput(),
             "origins": forms.TextInput(),
             "respect_dnt": forms.RadioSelect(choices=[(True, "Yes"), (False, "No")]),
+            "collect_ips": forms.RadioSelect(choices=[(True, "Yes"), (False, "No")]),
         }
         labels = {
             "origins": "Allowed Hostnames",
             "respect_dnt": "Respect DNT",
+            "collect_ips": "Collect IP addresses"
         }
         help_texts = {
             "name": _("What should the service be called?"),
@@ -25,10 +27,13 @@ class ServiceForm(forms.ModelForm):
                 "At what hostnames does the service operate? This sets CORS headers, so use '*' if you're not sure (or don't care)."
             ),
             "respect_dnt": "Should visitors who have enabled <a href='https://en.wikipedia.org/wiki/Do_Not_Track'>Do Not Track</a> be excluded from all data?",
+            "collect_ips": "Should individual IP addresses be collected? IP metadata (location, host, etc) will still be collected."
         }
 
-    collaborators = forms.CharField(help_text="Which users should have read-only access to this service? (Comma separated list of emails.)", required=False)
-
+    collaborators = forms.CharField(
+        help_text="Which users should have read-only access to this service? (Comma separated list of emails.)",
+        required=False,
+    )
 
     def clean_collaborators(self):
         collaborators = []
@@ -36,7 +41,9 @@ class ServiceForm(forms.ModelForm):
             email = collaborator_email.strip()
             if email == "":
                 continue
-            collaborator_email_linked = EmailAddress.objects.filter(email__iexact=email).first()
+            collaborator_email_linked = EmailAddress.objects.filter(
+                email__iexact=email
+            ).first()
             if collaborator_email_linked is None:
                 raise forms.ValidationError(f"Email '{email}' is not registered")
             collaborators.append(collaborator_email_linked.user)

shynet/dashboard/mixins.py

@@ -1,6 +1,6 @@
+from datetime import datetime, time
 from urllib.parse import urlparse
 
-from datetime import time, datetime
 from django.utils import timezone
 
 

shynet/dashboard/templates/base.html

@@ -1,4 +1,4 @@
-{% load static rules %}
+{% load static rules helpers %}
 <!DOCTYPE html>
 
 <html>
@@ -20,8 +20,8 @@
 <body class="bg-gray-200 min-h-full">
   {% block body %}
 
-  <section class="max-w-screen-xl mx-auto px-4 md:px-0 py-4 md:py-12 md:flex">
-    <aside class="mb-8 md:w-2/12 md:pr-6 relative flex flex-wrap md:block justify-between items-center">
+  <section class="max-w-screen-xl mx-auto px-4 py-4 md:py-12 md:flex">
+    <aside class="mb-8 md:w-2/12 md:pr-6 relative flex flex-wrap md:block justify-between items-center overflow-x-hidden">
       <a class="icon ~urge ml-2 md:ml-6 md:mb-8 md:mt-3" href="{% url 'dashboard:dashboard' %}">
         <i class="fas fa-binoculars fa-3x text-purple-600 hidden md:block"></i>
         <i class="fas fa-binoculars fa-2x text-purple-600 md:hidden"></i>
@@ -93,6 +93,10 @@
         {% include 'dashboard/includes/sidebar_portal.html' with label="Sign Up" url=url %}
 
         {% endif %}
+
+        <hr class="sep h-8">
+
+        {% sidebar_footer %}
       </div>
     </aside>
     <div class="md:w-10/12">

shynet/dashboard/templates/dashboard/includes/service_form.html

@@ -0,0 +1,13 @@
+{% load a17t_tags %}
+
+{{form.name|a17t}}
+{{form.link|a17t}}
+{{form.collaborators|a17t}}
+
+<details class="p-4 border rounded">
+    <summary class="cursor-pointer text-sm">Advanced settings</summary>
+    <hr class="sep h-4">
+    {{form.respect_dnt|a17t}}
+    {{form.collect_ips|a17t}}
+    {{form.origins|a17t}}
+</details>

shynet/dashboard/templates/dashboard/includes/sidebar_footer.html

@@ -0,0 +1,5 @@
+<div class="pl-2">
+  <p class="support text-gray-600">
+    <a href="https://github.com/milesmcc/shynet">Shynet {{version}}</a>
+  </p>
+</div>

shynet/dashboard/templates/dashboard/pages/service_create.html

@@ -10,7 +10,7 @@
 <form class="card ~neutral !low p-0 max-w-xl" method="POST">
     {% csrf_token %}
     <div class="p-4">
-        {{form|a17t}}
+        {% include 'dashboard/includes/service_form.html' %}
     </div>
     <div class="section ~urge !normal p-4">
         <button type="submit" class="button ~urge !high">Create</button>

shynet/dashboard/templates/dashboard/pages/service_session.html

@@ -59,8 +59,8 @@
             </p>
         </div>
         <div>
-            <p>Time Zone</p>
-            <p class="label">{{session.time_zone|default:"Unknown"}}</p>
+            <p>IP</p>
+            <p class="label" title="{{session.ip}}">{{session.ip|default:"Not Collected"|truncatechars:"16"}}</p>
         </div>
     </div>
 </article>

shynet/dashboard/templates/dashboard/pages/service_update.html

@@ -23,7 +23,7 @@
     <form class="card ~neutral !low p-0" method="POST">
         {% csrf_token %}
         <div class="p-4">
-            {{form|a17t}}
+            {% include 'dashboard/includes/service_form.html' %}
         </div>
         <div class="section ~neutral !normal p-4 flex justify-between">
             <div>

shynet/dashboard/templatetags/helpers.py

@@ -1,7 +1,9 @@
 from urllib.parse import urlparse
-import pycountry
+
 import flag
+import pycountry
 from django import template
+from django.conf import settings
 from django.utils import timezone
 from django.utils.html import escape
 from django.utils.safestring import SafeString
@@ -41,17 +43,12 @@ def country_name(isocode):
 
 @register.simple_tag
 def relative_stat_tone(
-    start,
-    end,
-    good="UP",
-    good_classes=None,
-    bad_classes=None,
-    neutral_classes=None,
+    start, end, good="UP", good_classes=None, bad_classes=None, neutral_classes=None,
 ):
     good_classes = good_classes or "~positive"
     bad_classes = bad_classes or "~critical"
     neutral_classes = neutral_classes or "~neutral"
-    
+
     if start == None or end == None or start == end:
         return neutral_classes
     if good == "UP":
@@ -84,6 +81,11 @@ def percent_change_display(start, end):
 
     return SafeString(direction + pct_change)
 
+@register.inclusion_tag("dashboard/includes/sidebar_footer.html")
+def sidebar_footer():
+    return {
+        "version": settings.VERSION
+    }
 
 @register.inclusion_tag("dashboard/includes/stat_comparison.html")
 def compare(

shynet/dashboard/views.py

@@ -1,5 +1,6 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
+from django.core.cache import cache
 from django.db.models import Q
 from django.shortcuts import get_object_or_404, reverse
 from django.utils import timezone
@@ -77,6 +78,13 @@ class ServiceUpdateView(
     def get_success_url(self):
         return reverse("dashboard:service", kwargs={"pk": self.object.uuid})
 
+    def form_valid(self, *args, **kwargs):
+        resp = super().form_valid(*args, **kwargs)
+        cache.set(
+            f"service_origins_{self.object.uuid}", self.object.origins, timeout=3600
+        )
+        return resp
+
 
 class ServiceDeleteView(
     LoginRequiredMixin, PermissionRequiredMixin, SuccessMessageMixin, DeleteView

shynet/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ ! $PERFORM_CHECKS_AND_SETUP == False ]]; then
+  ./startup_checks.sh
+fi
+
+./webserver.sh

shynet/shynet/settings.py

@@ -1,7 +1,5 @@
 """
-Django settings for shynet project.
-
-Generated by 'django-admin startproject' using Django 2.2.5.
+Django settings for Shynet.
 
 For more information on this file, see
 https://docs.djangoproject.com/en/2.2/topics/settings/
@@ -15,6 +13,9 @@ import os
 # Messages
 from django.contrib.messages import constants as messages
 
+# Increment on new releases
+VERSION = "v0.3.1"
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
@@ -26,7 +27,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "onlyusethisindev")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = os.getenv("DEBUG", "True") == "True"
+DEBUG = os.getenv("DEBUG", "False") == "True"
 
 ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "*").split(",")
 
@@ -213,7 +214,7 @@ SITE_ID = 1
 
 # Celery
 
-CELERY_TASK_ALWAYS_EAGER = os.getenv("CELERY_TASK_ALWAYS_EAGER", "False") == "True"
+CELERY_TASK_ALWAYS_EAGER = os.getenv("CELERY_TASK_ALWAYS_EAGER", "True") == "True"
 
 CELERY_BROKER_URL = os.getenv("CELERY_BROKER_URL")
 CELERY_REDIS_SOCKET_TIMEOUT = 15
@@ -256,3 +257,11 @@ ONLY_SUPERUSERS_CREATE = os.getenv("ONLY_SUPERUSERS_CREATE", "True") == "True"
 # Should the script use HTTPS to send the POST requests? The hostname is from
 # the django SITE default. (Edit it using the admin panel.)
 SCRIPT_USE_HTTPS = os.getenv("SCRIPT_USE_HTTPS", "True") == "True"
+
+# How frequently should the tracking script "phone home" with a heartbeat, in
+# milliseconds?
+SCRIPT_HEARTBEAT_FREQUENCY = int(os.getenv("SCRIPT_HEARTBEAT_FREQUENCY", "5000"))
+
+# How much time can elapse between requests from the same user before a new
+# session is created, in seconds?
+SESSION_MEMORY_TIMEOUT = int(os.getenv("SESSION_MEMORY_TIMEOUT", "1800"))

shynet/ssl.webserver.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Start Gunicorn processes
+echo Launching Shynet web server...
+exec gunicorn shynet.wsgi:application \
+    --bind 0.0.0.0:8080 \
+    --workers 3 \
+    --timeout 100 \
+    --certfile=cert.pem \
+    --keyfile=privkey.pem

shynet/startup_checks.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Check if setup is necessary, do setup as needed
+echo "Performing startup checks..."
+sanity_results=( $(./manage.py startup_checks) )
+if [[ ${sanity_results[0]} == True ]]; then
+  echo "Running migrations (setting up DB)..."
+  {
+    ./manage.py migrate && echo "Migrations complete!"
+  } || {
+    echo "Migrations failed, exiting" && exit 1
+  }
+  else
+  echo "Database is ready to go."
+fi
+if [[ -n $SHYNET_ADMIN_EMAIL && ${sanity_results[1]} == True ]]; then
+  echo "Creating an admin user..."
+  {
+    temppwd=$( ./manage.py registeradmin $SHYNET_ADMIN_EMAIL ) && echo "Admin user ($SHYNET_ADMIN_EMAIL) created! Password: $temppwd"
+  } || {
+    echo "Failed to create admin, exiting" & exit 1
+  }
+  else
+  echo "Making no changes to admin user."
+fi
+if [[ -n $SHYNET_HOST && ${sanity_results[2]} == True ]]; then
+  echo "Setting hostname..."
+  {
+    ./manage.py hostname $SHYNET_HOST && echo "Hostname set to $SHYNET_HOST!"
+  } || {
+    echo "Failed setting hostname, exiting" & exit 1
+  }
+  else
+  echo "Making no changes to hostname."
+fi
+if [[ -n $SHYNET_WHITELABEL && ${sanity_results[3]} == True ]]; then
+  echo "Setting whitelabel..."
+  {
+    ./manage.py whitelabel $SHYNET_WHITELABEL && echo "Whitelabel set! Whitelabel: $SHYNET_WHITELABEL"
+  } || {
+    echo "Failed to set whitelabel, exiting" & exit 1
+  }
+  else
+  echo "Making no changes to whitelabel."
+fi
+echo "Startup checks complete!"

shynet/webserver.sh

@@ -1,8 +1,7 @@
 #!/bin/bash
-
 # Start Gunicorn processes
 echo Launching Shynet web server...
 exec gunicorn shynet.wsgi:application \
     --bind 0.0.0.0:8080 \
     --workers 3 \
-    --timeout 100
+    --timeout 100

tests/pixel.html

@@ -7,8 +7,8 @@
 </head>
 
 <body>
-    <noscript><img src="//localhost:8000/ingress/211410e6-b401-4fe8-8740-7926368590be/pixel.gif"></noscript>
-    <script src="//localhost:8000/ingress/211410e6-b401-4fe8-8740-7926368590be/script.js"></script>
+    <noscript><img src="//localhost:8000/ingress/test_uuid/pixel.gif"></noscript>
+    <script src="//localhost:8000/ingress/66015ce4-c69d-40fb-be8f-5535538d795e/script.js"></script>
 </body>
 
-</html>
+</html>